bWAPP - Cross Site Scripting Reflected (AJAX-XML)


In this walkthrough, we will go through the Cross Site Scripting Reflected (AJAX-XML) vulnerability section from bWAPP Labs. We will explore and exploit a Reflected Cross-Site Scripting vulnerability in an AJAX-XML implementation and learn how applications are affected by it. So, let's get started with the hacking without any delay.

Cross Site Scripting Reflected (AJAX-XML)

Security: Low

  • Setting the security level to Low.

Security level Low

  • The application has a search functionality where we can search for movies in the DB. It uses ajax to dynamically search the input.

AJAX/XML

  • I used the below payload to check if the data is being stored in the DOM and is getting parsed; however, it did not work.

XSS - Reflected (AJAX/XML)

  • Next, I encoded the same payload as HTML entities, and it was parsed by the application this time.

<h1> Hello <h1>

&lt;h1&gt; Hello &lt;h1&gt;

Cyberchef decode

HTML injection confirmed

  • Next, I used the below payload, encoded as HTML entities, and got a pop-up in response.

<img src='#' onerror='alert(1)'>

&lt;img src&equals;&apos;&num;&apos; onerror&equals;&apos;alert&lpar;1&rpar;&apos;&gt;

Cyberchef decode

Payload

Pop up alert

Security: Medium

  • Setting the security level to Medium.

Security Level Medium

  • I used the below payload again to check if it is still vulnerable, and it worked.

<h1> Hello <h1>

&lt;h1&gt; Hello &lt;h1&gt;

HTML Injection confirmed

  • Next, I used the below payload again, encoded as HTML entities, and got a pop-up in response.

<img src='#' onerror='alert(1)'>

&lt;img src&equals;&apos;&num;&apos; onerror&equals;&apos;alert&lpar;1&rpar;&apos;&gt;

Payload

Pop up alert

  • Not working at the High security level.


Conclusion

So, we have finally completed all the security levels for the bWAPP Cross Site Scripting Reflected (AJAX-XML) vulnerability. We looked into how the application has been set up at the various levels and how we can bypass the security controls implemented. Reflected XSS attacks can be mitigated by sanitizing input on endpoints, whitelisting the allowed characters in the input and using a WAF. Along with that, we can prevent data from any untrusted source from being dynamically written to the HTML document. On that note, I will take your leave and will meet you in the next one with another bWAPP vulnerability writeup; till then, "Keep Hacking".
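The following is an added example, not bWAPP's own code, that models the AJAX/XML search flow exercised above to show why the entity-encoded form of the page's <h1> payload reaches the browser as live markup while the raw form does not, and where the fix belongs. It assumes a hypothetical server-side filter that only rejects raw angle brackets (the page does not say why the raw payload failed; this filter is just one plausible model), a constructed <result> element in the XML response, and a client that copies the decoded element text into innerHTML. The XML parser resolves &lt; and &gt; into real angle brackets before script sees the text, so a second HTML parse at the innerHTML sink turns them into an element. The hardened version escapes at the sink, which is the check the conclusion's last mitigation calls for.

```javascript
// Added example (not bWAPP's code): models the AJAX/XML search flow from the
// walkthrough. Hypothetical filter, server and client; constructed inputs.

// Decode the character references an XML parser resolves before handing text
// to script: the five predefined entities plus numeric references.
function decodeXmlEntities(s) {
  return s.replace(/&(lt|gt|amp|quot|apos|#x[0-9a-fA-F]+|#[0-9]+);/g, (m, name) => {
    if (name === 'lt') return '<';
    if (name === 'gt') return '>';
    if (name === 'amp') return '&';
    if (name === 'quot') return '"';
    if (name === 'apos') return "'";
    const code = name[1] === 'x' ? parseInt(name.slice(2), 16) : parseInt(name.slice(1), 10);
    return String.fromCodePoint(code);
  });
}

// Hypothetical server-side filter: rejects raw angle brackets only. An
// entity-encoded payload contains none, so it passes through untouched.
function naiveFilter(input) {
  return /[<>]/.test(input) ? '' : input;
}

// Hypothetical server: echoes the filtered search term into an XML response,
// wrapped in a constructed <result> element.
function buildXmlResponse(term) {
  return `<?xml version="1.0"?><movies><result>${naiveFilter(term)}</result></movies>`;
}

// Client side. Real code would read responseXML and getElementsByTagName; here
// the element text is pulled with a regex and the entity decoding that the XML
// parser performs is applied explicitly.
function resultText(xml) {
  const m = /<result>([\s\S]*?)<\/result>/.exec(xml);
  return m ? decodeXmlEntities(m[1]) : '';
}

// Vulnerable sink: returns exactly what would be assigned to innerHTML, so any
// markup in the decoded text is parsed as HTML a second time.
function renderUnsafe(xml) {
  return `<div id="results">${resultText(xml)}</div>`;
}

// Hardened sink: HTML-escape before the text reaches innerHTML (equivalent to
// setting textContent on the target element instead).
function escapeHtml(s) {
  const map = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };
  return s.replace(/[&<>"']/g, (c) => map[c]);
}
function renderSafe(xml) {
  return `<div id="results">${escapeHtml(resultText(xml))}</div>`;
}

// Constructed inputs: the walkthrough's raw payload and its entity-encoded form.
const RAW = '<h1> Hello <h1>';
const ENCODED = '&lt;h1&gt; Hello &lt;h1&gt;';

// Raw payload: stopped by the filter, nothing rendered. Encoded payload: passes
// the filter, is decoded by the XML parser, and innerHTML renders an <h1>.
// With escaping at the sink the same text is shown literally.
console.log(renderUnsafe(buildXmlResponse(RAW)));
console.log(renderUnsafe(buildXmlResponse(ENCODED)));
console.log(renderSafe(buildXmlResponse(ENCODED)));
```

The design point is that input filtering and output encoding guard different parsers: a filter on the search parameter sees one representation, the XML parser produces another, and the HTML parser behind innerHTML sees a third. Encoding at the sink is the control that holds regardless of how many decoding steps sit in between.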
